A Reflection on the Federal CIO Council Mobility Report
On Tuesday the Federal CIO Council released a Mobility Report. This report highlights several customer challenges associated with supporting a mobile environments and implementing Steve VanRoekel's Federal Digital Strategy. The challenges highlighted are consistent with the challenges that many of our government customers have articulated to Symantec:
- Mobile Device Management: the need to manage devices and configure them in a way that is consistent with an agency's mobile policy
- Mobile Application Store: the need to have a well managed application store where applications can be authorized, secured and managed consistently and centrally for an organization
- Identity and Access Management: the need to have appropriate identity and access management controls for mobile devices with authentication and encryption capabilities that meet federal standards
- Data Standards: the need to work with industry to bridge security gaps and standards that are lacking in smart devices today, while also identifying policy and legal issues that may need to be addressed to accommodate future capabilities.
In addition to these challenges, I see another huge issue that is often overlooked by many organizations: the challenge of protecting information. Today a growing set of threat actors are not looking to access a mobile device as the end goal, but rather to get access to the information on that device or to gain access to the cloud that the device is accessing. It is not enough to simply protect or manage the device. Just as, if not more important, is the ability to manage and secure the applications and information that end users are accessing on these devices. A holistic data protection strategy associated with mobile environments is critical to any agency or enterprise.
Near the end of the report, the council states "In the next phase of Digital Government Strategy implementation, several deliverables will help address some of the recommendations presented in this document. For example, the mobile security reference architecture….will include use cases that will help the Federal Government adapt policy, accept technology, and provide risk management requirements that better match the use of mobile innovation."
I think these actions and upcoming deliverables are critical to providing the appropriate level of guidance and support to federal agencies who are currently faced with these issues and the need to implement a mobile strategy. There is a critical role for industry to play to help educate the federal government on information protection and mobility best practices, development of use cases, and establishment of standards.
I look forward to hearing more from the Federal CIO Council how they plan to engage industry on these topics in more depth and how Symantec can support the Administration's efforts to enable mobile within the Federal Government.